Pass through aes-256

wasonce_2000
Level 1

Is it possible to connect to another pix using aes-256 from behind another pix? I have used the fixup protocol esp-ike and this works for des or 3des but I am not able to connect when I change to aes-256 on the remote pix.

3 Replies

mostiguy
Level 6

Are you sure the remote pix supports aes? What pix os is it running?

Yes,

Here is my show version. This pix is also running a pix to pix site vpn using aes-256. I have placed a laptop outside of the firewall with a public IP and it also hangs when a vpn client tries to connect on securing channel.

Cisco PIX Firewall Version 6.3(1)

Cisco PIX Device Manager Version 1.1(2)

Compiled on Wed 19-Mar-03 11:49 by morlee

hopper up 12 mins 42 secs

Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz

Flash i28F640J5 @ 0x300, 16MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0050.54fe.ee01, irq 10

1: ethernet1: address is 0050.54fe.ee02, irq 7

2: ethernet2: address is 00d0.b708.c848, irq 11

3: ethernet3: address is 0002.b31b.e57a, irq 9

Licensed Features:

Failover: Enabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Interfaces: 6

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Unlimited

IKE peers: Unlimited

This PIX has an Unrestricted (UR) license.

This issue was caused because I forgot the crypto map interface outside command.